Attack #1An attacker can inject XSS code into the web management interface at the login screen. The XSS code can be injected through the username field. The system will log failed login username attempts. When the administrator goes to view the logs through the web management interface, the XSS code will be executed. The logs can be located through the web management interface here:

Statistics / Logs / Log Traces / System Logs

Attack #2An attacker can inject XSS code into the web management interface via SMS text message. When the administrator goes to view the logs through the web management interface, the XSS code will be executed. The logs can be located through the web management interface here:

SMS Services / Inbox

Below is a POC video demonstrating the attack:

3. Impact:

Potentially allow an attacker to compromise the device, access the victim’s iSMS account, the vicitim's browser, and information leakage about an organization.